Harald,

Thanks for the response. I am beginning to believe that I have been misinformed. This, I am guessing, was based on someone's expectation that since ipchains required the use of ip_masq_ipsec.o and another module (the name now escapes me) to be able to do IPsec pass-through with NAT that iptables would then require ip_conntrack_ipsec.o and ip_nat_ipsec.o.

Let me pose this question anew... Are there any required modifications, other than just /not/ restricting the required ports, to be able to pass IPsec traffic when using your Linux system as a router and performing NAT?

Respectfully,
Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Harald Welte
Sent: Monday, April 29, 2002 11:36 AM
To: Eric B Kiser
Cc: [EMAIL PROTECTED]
Subject: Re: ip_conntrack_ipsec.o and ip_nat_ipsec.o

On Wed, Apr 24, 2002 at 09:58:46AM -0400, Eric B Kiser wrote:
> Howdy All,
>
> I am using Linux with kernel 2.4.18 as a firewall that is doing NAT. I need
> to be able to make an IPSec connection _through_ this firewall to an IPSec
> server on the internet.
>
> I am told that I need to have the modules ip_conntrack_ipsec.o and
> ip_nat_ipsec.o for my Linux 2.4.18 Firewall to be able to NAT this
> connection. It was also mentioned that a Mr. Harald Welte may have posted
> these on the netfilter site.

Who has told you about this? The modules don't exist, at least not provided by the netfilter/iptables project. I also haven't heard that some 3rd party is providing those modules.

> Regards,
> Eric

--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
